| id: GO-2025-3962 |
| modules: |
| - module: github.com/esm-dev/esm.sh |
| unsupported_versions: |
| - last_affected: 136.0.0 |
| vulnerable_at: 0.0.0-20250920062728-5cc3937618bd |
| summary: esm.sh has File Inclusion issue in github.com/esm-dev/esm.sh |
| cves: |
| - CVE-2025-59341 |
| ghsas: |
| - GHSA-49pv-gwxp-532r |
| references: |
| - advisory: https://github.com/esm-dev/esm.sh/security/advisories/GHSA-49pv-gwxp-532r |
| - advisory: https://nvd.nist.gov/vuln/detail/CVE-2025-59341 |
| - fix: https://github.com/esm-dev/esm.sh/commit/492de92850dd4d350c8b299af541f87541e58a45 |
| - web: https://github.com/esm-dev/esm.sh/blob/c62f191d32639314ff0525d1c3c0e19ea2b16143/server/router.go#L1168 |
| source: |
| id: GHSA-49pv-gwxp-532r |
| created: 2025-09-22T17:59:12.247720353Z |
| review_status: UNREVIEWED |